Vieri wrote: > I setup freeradius to accept authentications using PEAP-MSCHAPv2 with client > certificates via "EAP-TLS-Require-Client-Cert = Yes". > > However, clients who authenticate via EAP-TLS also succeed. > > How can I reject all auth types except PEAP-MSCHAPv2 with > "EAP-TLS-Require-Client-Cert = Yes"? > (ie. I require both client certificates and username/password.)
Put this in the "users" file: DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
